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AUTHORIZING NETWORK REQUESTS 

BACKGROUND 

[0001] Printing solutions developed for public venues such as hotels and coffee 
shops provide customers with access to shared printers. A venue can set its own 
printing policies and implement its own printing related services. For example, a 
hotel may have a policy to charge its customers five cents for each page printed. 
The hotel may provide a service that allows a customer to specify that printed 
documents are to be delivered to the customer's room or held at the front desk to 
be picked up. 

[0002] Consequently, there is a need for a solution that will allow a venue to 
restrict access to a shared printer allowing access to authorized venue customers. 
Existing solutions include requiring customers to supply a username and password. 
However, this requires customers to establish an account before they can use the 
printer. Another solution involves requiring venue customers to supply payment 
information such as a credit card number with each request to use the printer. This 
doesn't allow for cash payments and it does not allow a venue such as a hotel to 
include printer use fees with the customer's room bill. 

DESCRIPTION OF THE DRAWINGS 

[0003] Fig. 1 illustrates an exemplary network in which embodiments of the 
present invention can be implemented. 

[0004] Fig. 2 is a schematic representation of the program elements operating on 
the devices of Fig. 1 according to an embodiment of the present invention. 
[0005] Fig. 3 is an exemplary table illustrating policy data according to an 
embodiment of the present invention. 

[0006] Fig. 4 is an exemplary flow diagram illustrating steps taken to practice an 
embodiment of the present invention. 
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DETAILED DESCRIPTION 

[0007] Glossary: 

[0008] Program: An organized list of electronic instructions that, when 
executed, causes a device to behave in a predetermined manner. The term program 
is both singular and plural in nature. A program can take many forms. For 
example, it may be software stored on a computer's disk drive. It may be firmware 
written onto read-only memory. It may be embodied in hardware as a circuit or 
state machine that employs any one of or a combination of a number of 
technologies. These technologies may include, but are not limited to, discrete logic 
circuits having logic gates for implementing various logic functions upon an 
application of one or more data signals, application specific integrated circuits 
having appropriate logic gates, programmable gate arrays (PGA), field programmable 
gate arrays (FPGA), or other components, 

[0009] Client - Server: A model of interaction between two programs. For 
example, a program operating on one network device sends a request to a program 
operating on another network device and waits for a response. The requesting 
program is referred to as the "client" while the device on which the client operates 
is referred to as the "client device." The responding program is referred to as the 
"server," while the device on which the server operates is referred to as the "server 
device." The server is responsible for acting on the client request and returning the 
requested information, if any, back to the client. This requested information may be 
an electronic file such as a word processing document or spread sheet, a web page, 
or any other electronic data to be displayed or used by the client. In any given 
network there may be multiple clients and multiple servers. A single device may 
contain a program or programs allowing it to operate both as a client device and as 
a server device. Moreover, a client and a server may both operate on the same 
device. 

[0010] Web Server: A server that implements HTTP (Hypertext Transport 
Protocol). A web server can host a web site or a web service or both. A web site 
provides a user interface by supplying web pages to a requesting client, in this case 
a web browser. Web pages can be delivered in a number of formats including, but 
not limited to, HTML (Hyper-Text Markup Language) and XML (extensible Markup 
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Language). Web pages may be generated on demand using server side scripting 
technologies including, but not limited to, ASP (Active Server Pages) and JSP (Java 
Server Pages). A web page is typically accessed through a network address. The 
network address can take the form of an URL (Uniform Resource Locator), IP 
(Internet Protocol) address, or any other unique addressing mechanism. A web 
service provides a programmatic interface that may be exposed using a variety of 
protocols layered on top of HTTP, such as SOAP (Simple Object Access Protocol). 
[0011] Network Device: A device equipped to be accessed remotely over a 
network. Common examples include printers, scanners, and routers. However, 
other common household appliances such as refrigerators, microwaves, televisions, 
stereos, and home security systems can be network devices if properly equipped. 
[0012] Introduction: Embodiments of the present invention operate to restrict 
access to a network device. Upon receiving a network request directed to the 
device, the network address from which the request originated is identified. If that 
address is identified as an address from which requests are to be allowed, the 
request is accepted. Otherwise, the request is rejected. 

[0013] Fig. 1 illustrates an exemplary network 10 in which various embodiments 
of the present invention may be implemented. Network 10 includes network device 
12, and computers 14-18. Network device 12 and computers 14-18 are 
interconnected by link 20. While network device 12 is shown as a printer, network 
device 12 may be any device equipped to communicate over network 10. Similarly, 
computers 14 and 16 can be any type of computing devices equipped to 
communicate over network 10 and make requests of network device 12. Link 20 
represents generally any cable, wireless, or remote connection via a 
telecommunication link, an infrared link, a radio frequency link, or any other 
connector or system that provides electronic communication between network 
device 12 and computers 14-18. Link 20 represents the infrastructure of network 
10 and includes one or more servers, switches, routers, and/or hubs that operate to 
direct network traffic between computers 14-18 and network device 12. 
[0014] Components: Fig. 2 is a schematic representation of network 10 illustrating 
the program elements operating on network device 12. Network device 12 includes 
functional components 22, device server 24, request manager 26, source detector 
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28, and policy data 30. While policy data 30, source detector 28, and request 
manager 26 are shown as being embedded on network device 12, it is noted that 
one or more of those components may be provided by a device other than network 
device 1 2. 

[0015] Functional components 22 represent the hardware and/or programs for 
performing the functions for which network device 12 is intended. For example, 
where network device 12 is a printer or other image forming device, functional 
components 22 are those components responsible for producing a printed image on 
paper or other print media. Where network device 12 is a refrigerator, functional 
components 30 are those components responsible for keeping food cold. 
[0016] Device server 24 represents generally any program capable of receiving 
network requests from computers 14-18 directed to network device 12. A network 
request directed to network device 12 is a request to utilize a function provided by 
network device 12. For example, where network device 1 2 is a printer, a network 
request can be instructions to print a document. Where for example, a network 
device is a stereo, a network request can be an instruction to play a specified track 
on a particular compact disc. Functional components 22 are responsible for acting 
on a network request. 

[0017] Request manager 26 represents generally any program capable of 
determining whether to accept or reject a network request received by device server 
24. Accepting a network request involves allowing or otherwise directing 
functional components 22 to act on the network request. Rejecting a network 
request involves preventing functional components 22 from acting on a network 
request. 

[0018] Source detector 28 represents generally any program capable of identifying 
a network address from which a network request originated. Computers 14-18 are 
each assigned their own network address. A network address can be a MAC 
(Media Access Control) address, IP (Internet Protocol) address, or any other format 
that uniquely identifies a device on network 10. For example, a network address 
can be data identifying a port on a particular hub, router, or server through which 
the device is connected to network 10. The connection can be physical or 
wireless. In the example of Fig. 2, computer 14 (labeled "Authorized Venue 
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Station") is connected to port A of hub A used by link 20. Computer 18 (labeled 
"Unauthorized Venue Station") is connected to port B of hub B. The network 
address "port A, hub A" can be used to identify computer 14. The network address 
"port B, hub B" can be used to identify computer 18. Source detector 28 may 
perform its task by communicating with network infrastructure hardware such as 
the servers, routers, hubs, and/or switches used by link 20 to learn the identity of a 
port through which a network request originated. 

[0019] A network address identifying a port (port address) through which a 
connection can be made with a given network typically remains constant regardless 
of the device used to make the connection. IP addresses, however, are often not 
static. A MAC address remains constant so long as the same device is always used 
to make a connection to the network. Imagine a venue such as a hotel with data 
ports connecting each room to the hotel's network. A hotel guest with her own 
portable computer can connect to a port in her room. Each time the guest turns on 
her computer, she is assigned a new IP address. Her MAC address is dictated by 
her computer's network card. Without requesting information from the guest, the 
hotel will not be able to associate the guest's MAC or IP address with the guest. 
The one address known to the hotel without acquiring any information from the 
guest is the port address for the guest's room. 

[0020] Policy data 30 represents generally any electronic data that can be used by 
request manager 26 to make a determination of whether to accept or reject a 
network request. For example, policy data may include a list of authorized network 
addresses. Request manager 26, then, only accepts network requests originating 
from a network address identified by policy data 30. Network request originating 
from a network address not identified by policy data 30 are rejected. 
[0021] In the example of Fig. 2, policy data 30 contains the network address for 
computer 14 - the authorized venue station. Policy data 30 does not contain the 
network address of computer 18 - the unauthorized venue station. Consequently, 
network requests from computer 14 are accepted, and network requests from 
computer 18 are rejected. 

[0022] Fig. 3 illustrates policy data 30 in the form of a table. As shown, policy 
data table 30 includes a number of entries 32. Each entry includes an address field 



5 



Attorney Docket No. 
200308676-1 



34 and a billing field 38. The address field 34 of each given entry 32 contains data 
identifying a network address from which network requests will be accepted. The 
billing field 38 of a given entry 32 contains data identifying how charges are to be 
made. 

[0023] For example, where network 10 of Figs. 1 and 2 is located in a hotel, a 
user may be a hotel guest. The data in address field 34 of an entry 32 identifies 
the network address such as a port address associated with the guest's room. 
Data in billing field 38 identifies how charges are to be made for the use of network 
device 12. Data in billing field 38 might indicate that the a charge is to appear on a 
bill for a particular room associated with the network address, or it may indicate 
that a charge is to made to a credit card or prepaid account corresponding to a 
room associated with the network address. Where the network device is a printer, 
data in billing field may also indicate a specified price per page. 
[0024] The block diagram of Fig. 2 shows the architecture, functionality, and 
operation of an embodiment of the present invention. Each block may represent in 
whole or in part a module, segment, or portion of code that comprises one or more 
executable instructions of a program or programs for implementing the specified 
logical function(s). Each block may represent a circuit or a number of 
interconnected circuits to implement the specified logical function(s). 
[0025] Also, the present invention can be embodied in any computer-readable 
media for use by or in connection with an instruction execution system such as a 
computer/processor based system or an ASIC (Application Specific Integrated 
Circuit) or other system that can fetch or obtain the logic from computer-readable 
media and execute the instructions contained therein. "Computer-readable media" 
can be any media that can contain, store, or maintain programs and data for use by 
or in connection with the instruction execution system. Computer readable media 
can comprise any one of many physical media such as, for example, electronic, 
magnetic, optical, electromagnetic, infrared, or semiconductor media. More specific 
examples of suitable computer-readable media include, but are not limited to, a 
portable magnetic computer diskette such as floppy diskettes or hard drives, a 
random access memory (RAM), a read-only memory (ROM), an erasable 
programmable read-only memory, or a portable compact disc. 
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[0026] Operation: Exemplary steps taken to practice the invention are described 
with reference to Fig. 4. A network request is received (step 40). A port address 
or other suitable network address from which the network request originated is 
identified (step 42). It is determined whether the identified network address is 
authorized (step 44). If not authorized, the network request is rejected (step 46). 
If authorized, the network request is accepted (step 48), and use data is reported 
(step 50). Use data is data that in some manner indicates that a network request 
received in step 40 originating from an address identified in step 42 has been 
accepted in step 48 and acted upon by a network device. Use data can include or 
be based on billing information - information identifying or otherwise usable to 
identify a fee to be charged for acting on a network request as well as a manner in 
which the fee is to be charged. 

[0027] Using Fig. 2 as an example, the steps shown in Fig. 4 are explained in more 
detail. Assume that network 10 is located in a venue such as a coffee shop. 
Network device 1 2 is a printer. The network infrastructure of link 20 includes hubs 
A and B and router A. Computer 14 is connected to network 10 through port A on 
hub A. Computer B is connected to port B on hub B. The port address 
corresponding to port A on hub A is authorized for sending print requests to 
network device 12. The port address corresponding to port B on hub B is not 
authorized to send print requests to network device 12. 

[0028] Coffee shop customers send print requests from computers 14 and 18 to 
network device 12. Device server 24 receives those requests in step 40. Source 
detector 28 communicates with the network infrastructure, namely router A, hub A, 
and hub B of link 20, to identify the port addresses from which each of the requests 
originated in step 42. With the port addresses identified, request manager 26, in 
step 44, accesses policy data to determine if those port addresses are authorized. 
Request manager 26 determines that the port address for computer 18 is not 
authorized and rejects that request in step 46. Request manager 26, locating an 
entry 32 in policy data 30 containing data identifying port A hub A, determines that 
the port address for computer 14 is authorized and accepts that request in step 48. 
Functional components 22 act on the request and print a document. 
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[0029] In step 50, request manager 26 reports that the print request for the 
customer using computer 14 has been accepted and printed. Referring to Fig. 3, 
policy data 30 includes an entry 32 with an address field 34 identifying a network 
address for computer 14, in this case, "port A of hub A." That entry 32 also 
includes billing field 38 containing data indicating how the coffee shop's customer 
using computer 14 is to be billed. For example, the customer may have an open 
tab. The data in billing field 38, then, may then indicate that customer is to be 
charged twenty cents for each printed page. In step 50, request manager 26 
obtains this billing information from policy data 30, counts the number of printed 
pages and reports use data identifying, in this example, the number of printed pages 
and the price per page, to computer 16 - labeled "Venue Admin Station" in Fig. 2. 
A computer program operating on computer 16 or a coffee shop employee 
monitoring computer 16 can, with the reported use data, add a printing charge to 
the customer's tab. 

[0030] Conclusion: The present invention has been shown and described with 
reference to the foregoing exemplary embodiments. It is to be understood, 
however, that other forms, details, and embodiments may be made without 
departing from the spirit and scope of the invention that is defined in the following 
claims. 
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